The foundry.toml configuration file has the ffi option set to true. This enables the ffi cheatcode (vm.ffi), which lets test code execute arbitrary shell commands on the host during forge test or forge coverage. A malicious developer can exploit this to run code on the machine of anyone who executes those commands against the repository, potentially leading to unauthorized actions or full compromise of that machine.
The vulnerable setting is in the foundry.toml file. With ffi set to true, any test file in the repository can call the ffi cheatcode, and whatever command it passes is executed by the host shell during forge test or forge coverage. A malicious developer can abuse this to run arbitrary commands on the machines of other users.
There is already "malicious code"/a PoC in the test files:
This vulnerability allows a malicious developer to execute arbitrary code on the machine of any user who runs forge test or forge coverage. This can lead to unauthorized actions, compromise the machines of the auditors and testers working on the system, and potentially infect them with malware.
Manual review
To fix this vulnerability, set the ffi option to false in the foundry.toml configuration file (or remove the line, since ffi is off by default). Disabling the ffi cheatcode removes the tests' ability to run shell commands, which mitigates the risk of unauthorized actions and compromise. No other test in the repository needs ffi, so nothing is lost by disabling it. Note that a user can still opt in explicitly with forge test --ffi; the point of the fix is that simply cloning the repository and running the standard commands no longer grants the tests shell access.
The ffi variable within foundry.toml was set to true. This variable gives Foundry shell access and allows it to run commands on your terminal. The possibilities of exploitation through this means are endless! This repo exploited this flag through test_pwned. Keep an eye out before running tests!